security Archives - Developer Tech News

NPM supply chain attack uses Ethereum blockchain

Ryan Daws — Mon, 04 Nov 2024 15:26:36 +0000

Checkmarx researchers have detected a unique supply chain attack within the NPM ecosystem that uses the Ethereum blockchain. The malicious package, dubbed “jest-fet-mock,” targets developers with a multi-platform malware employing Ethereum smart contracts for command-and-control (C2) operations. This marks a convergence of blockchain technology with traditional attack vectors—a method not yet observed in NPM packages. ... Read more »

The post NPM supply chain attack uses Ethereum blockchain appeared first on Developer Tech News.

EMERALDWHALE exploits vulnerable Git configuration files

Ryan Daws — Fri, 01 Nov 2024 15:35:46 +0000

Sysdig’s Threat Research Team (TRT) has uncovered a global operation known as EMERALDWHALE, which has stolen over 15,000 cloud service credentials by exploiting exposed Git configuration files. EMERALDWHALE utilised multiple private tools to exploit several misconfigured web services, resulting in the theft of credentials from more than 10,000 private repositories. Though the operation’s primary targets... Read more »

The post EMERALDWHALE exploits vulnerable Git configuration files appeared first on Developer Tech News.

Foundem vs. Google: How one startup’s story shaped big tech regulations

Muhammad Zulhusni — Thu, 31 Oct 2024 08:00:54 +0000

For most startup founders, launch day is a nerve-wracking blend of excitement and worry. But for Shivaun Raff and her husband, Adam, that day in June 2006 turned into a nightmare they hadn’t seen coming. Their new venture, Foundem—a unique price comparison website they’d left stable careers to create—was finally live. But soon after launch,... Read more »

The post Foundem vs. Google: How one startup’s story shaped big tech regulations appeared first on Developer Tech News.

Beyond antivirus: Other essential tools to protect your Mac

Muhammad Zulhusni — Thu, 31 Oct 2024 08:00:50 +0000

Macs were once thought to be nearly invincible from a cybersecurity perspective, but now face more threats than ever. Just a few years ago, Mac-specific malware was a rarity. In 2021, security specialist Patrick Wardle discovered eight new malware families that targeted the platform. By 2023, that number grew to 21. While this may seem... Read more »

The post Beyond antivirus: Other essential tools to protect your Mac appeared first on Developer Tech News.

Holistic’s open-source tools counter AI development risks

Ryan Daws — Wed, 23 Oct 2024 09:27:35 +0000

Holistic has unveiled an open-source library to help counter AI development risks and build fairer and more responsible systems. The library – dubbed Holistic AI OSL – arrives at a crucial moment when organisations are increasingly deploying AI systems across sensitive domains including recruitment, healthcare, and financial services. Recent studies suggest that 65% of AI... Read more »

The post Holistic’s open-source tools counter AI development risks appeared first on Developer Tech News.

Zscaler highlights security trends challenging developers

Ryan Daws — Tue, 15 Oct 2024 15:28:37 +0000

Zscaler has released its annual ThreatLabz report, highlighting security challenges that should be on every developer’s radar. The 2024 Mobile, IoT, and OT Threat Report – covering June 2023 to May 2024 – highlights critical vulnerabilities in mobile applications, IoT devices, and operational technology (OT) systems that demand immediate attention from the development community. One... Read more »

The post Zscaler highlights security trends challenging developers appeared first on Developer Tech News.

Entry points threaten multiple open-source ecosystems

Ryan Daws — Mon, 14 Oct 2024 13:58:48 +0000

While current tools have improved at detecting common tactics for exploiting open-source packages, a feature remains largely overlooked: entry points. Security researchers at Checkmarx uncovered how attackers can leverage entry points across multiple programming ecosystems, with a particular focus on PyPI, to trick victims into running malicious code. This method – while not allowing for... Read more »

The post Entry points threaten multiple open-source ecosystems appeared first on Developer Tech News.

GitLab releases critical security patches amid vulnerability streak

Ryan Daws — Fri, 11 Oct 2024 13:30:48 +0000

GitLab has released a new round of critical security patches for its Community Edition (CE) and Enterprise Edition (EE) products. The company strongly recommends that all self-managed GitLab installations be upgraded immediately to one of the latest versions: 17.4.2, 17.3.5, or 17.2.9. These patch releases address several critical and high-severity vulnerabilities, including a critical flaw... Read more »

The post GitLab releases critical security patches amid vulnerability streak appeared first on Developer Tech News.

Safe Coding: Google’s strategy reduces memory safety vulnerabilities

Ryan Daws — Thu, 26 Sep 2024 14:10:17 +0000

Google has unveiled compelling data highlighting the efficacy of its “Safe Coding” approach in reducing memory safety vulnerabilities. The tech giant’s strategy, which prioritises the use of memory-safe programming languages for new code development, has yielded impressive results. Most notably, Android has seen a sharp decline in memory safety vulnerabilities, plummeting from 76% of all... Read more »

The post Safe Coding: Google’s strategy reduces memory safety vulnerabilities appeared first on Developer Tech News.

North Korean hackers target developers with fake job interviews

Ryan Daws — Wed, 11 Sep 2024 16:11:25 +0000

Cybersecurity researchers at ReversingLabs have uncovered malicious software packages linked to a campaign known as VMConnect, believed to be orchestrated by the North Korean hacking team Lazarus Group. The campaign, first identified in August 2023, uses fake job interviews to lure developers into downloading and executing malicious code. The latest samples were traced to GitHub... Read more »

The post North Korean hackers target developers with fake job interviews appeared first on Developer Tech News.